Bug 41917 - POP3 server crashes on command "STLS".
POP3 server crashes on command "STLS".
Product: Red Hat Linux
Classification: Retired
Component: imap (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Mike A. Harris
David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 2001-05-22 21:50 EDT by Gerald Gutierrez
Modified: 2007-04-18 12:33 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-06-12 14:15:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Gerald Gutierrez 2001-05-22 21:50:48 EDT
This bug completely prevents the installation of a secured POP3 service 
using Red Hat Linux 7.1 without using external packages.

When I run /usr/sbin/ipop3d (from imap-2000) from the command line and 
give it the "STLS" command, which the RFC says starts TLS negotiation, I 
get the following response:

+OK STLS completed
Aborted (core dumped)

... and the process promptly dumps core. This happens with the prebuilt 
imap-2000 binary as well as with one built from the source RPM. Running 
the core through GDB gives limited stack information, since the binary was 
built without debugging:

(gdb) where
#0  0x401a85c1 in __kill () from /lib/libc.so.6
#1  0x401a833d in raise (sig=6) at ../sysdeps/posix/raise.c:27
#2  0x401a99a8 in abort () at ../sysdeps/generic/abort.c:88
#3  0x0805d443 in net_getbuffer () at eval.c:41
#4  0x080613be in auth_plain_server () at eval.c:41
#5  0x08061729 in auth_plain_server () at eval.c:41
#6  0x0804c588 in strcpy () at ../sysdeps/generic/strcpy.c:31
#7  0x40196e5e in __libc_start_main (main=0x804c194 <strcpy+276>, argc=1,
    ubp_av=0xbffffb4c, init=0x804b538 <_init>, fini=0x80a384c <_fini>,
    rtld_fini=0x4000d3c4 <_dl_fini>, stack_end=0xbffffb3c)
    at ../sysdeps/generic/libc-start.c:129
Comment 1 Need Real Name 2001-06-12 14:15:54 EDT
The problem exists in imap-2000c also:

+OK POP3 imap1.gromco.com v2000.70rh server ready
+OK STLS completed
Aborted (core dumped)
Comment 2 Mike A. Harris 2001-07-06 19:53:32 EDT
You need to have valid SSL certificates configured before STLS will function.
The new packages will migrate an stunnel.pem file automatically if one exists,
or will create a self signed cert otherwise.  This minimizes admin overhead,
even though I do not consider this a bug per se.
imap-2000c-10 generates certs by default in ssl enabled builds which makes
this a non-issue.

Note You need to log in before you can comment on or make changes to this bug.